jln@acns.nwu.edu (John Norstad) (02/03/90)
In the announcement of Disinfectant 1.6 I mentioned that I'm working on version 2.0, and I thought you might be interested in some of the things I've been planning and working on. Version 2.0 will be a major new release.

* 2.0 will be a real non-modal application, with a menu bar, multiple windows, support for DAs, MultiFinder program switching, scanning in the background, etc.

* More and better clone detection and repair capabilities.

* Much improved online document, with screen shots and other pictures. You can print both reports and the online document, with user-selectable font, font size, and margins. The printed document will have a title page, table of contents, page headers, intelligent page breaks, and other nice formatting features. Version 2.0 actually has a miniature built-in text formatter just to do this nice printing of the document. All of this code is reusable, and will be available to anybody who might want to implement a similar documentation and help system in their own program.

* Version 2.0 will be configurable. I plan to use a scheme similar to the one Jeff Shulman uses in Virus Detective.

* You will be able to schedule scans. E.g., wake up at 3 am and scan all of your AppleShare servers.

* Version 2.0 will come with a new protection INIT designed for use by novices. It will only catch the known viruses. It will NOT be a general-purpose suspicious activity monitor. People who want the stronger protection offered by the fancier and bigger INITs can use Chris Johnson's excellent Gatekeeper INIT. There's no need for me to reinvent that wheel. My INIT will be completely idiot-proof and very tiny - just throw it in your system folder and reboot. It will not be configurable, and will never ask the user to make a complicated decision.

* 2.0 will include checksumming - scan a disk, compute checksums, save the checksums, come back a week later, scan and checksum again, compare new checksums to saved checksums, report which files have changed and how. This is the only really good way to detect new viruses.

* 2.0 launches much faster than 1.6 - just a few seconds.

* The online doc window comes up much faster than in 1.6 - almost instantaneously.

* 2.0 includes a context-sensitive online help system. E.g., click on an error message, and the document comes up scrolled to the detailed description of that error.

* There are some very interesting possibilities involving the new inter-application communications feature of Apple's system 7.0. For example, other programs could send messages to Disinfectant asking it to scan and/or repair files on their behalf, and send back a report. This kind of thing probably won't be in Disinfectant 2.0, but I'm beginning to consider the possibilities.

Don't hold your breath waiting for 2.0. I have a real job, and I mostly work on Disinfectant at home at night and on the weekends. I'm in a coding frenzy right now, and the work is going well (maybe half of the stuff listed above already works), but it will still be at least several months before the new version is released.

Also, don't take any of this as promises - I may decide not to implement something I listed above for some good (or bad) reason. It's just a list of my current ideas and tentative plans. I'm posting it here because I know people are interested, and I have nothing to gain by keeping it all a big secret.

There are four aspects to fighting the virus problem:

a) Detection.
b) Repair.
c) Protection.
d) Education.

Disinfectant 1.6 does a good job in categories a) and b), and an excellent job in category d). Version 2.0 will be even better in these three categories, and will also cover the missing category c). What I'm striving for is a complete solution to the Mac virus problem all in a single package (in fact, in a single file).

Of course, with all this new stuff, I'll have to charge double - the program will still be free :-)

John Norstad
Northwestern University
jln@acns.nwu.edu
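The scan, save, rescan and compare cycle from the checksumming item in the post above, as an added example that is not part of the original post and is not Disinfectant's code. SHA-256, the JSON baseline file and the names snapshot, compare and demo are assumptions of this example; the sample files are constructed.

```python
import hashlib, json, os, tempfile

def snapshot(root):
    """Scan root and return {relative_path: (size, sha256_hex)}."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = (os.path.getsize(path), digest.hexdigest())
    return manifest

def compare(old, new):
    """Return sorted (path, how) pairs: which files changed and how."""
    report = []
    for path in sorted(set(old) | set(new)):
        if path not in old or path not in new:
            report.append((path, "added" if path in new else "removed"))
        elif old[path] != new[path]:
            delta = new[path][0] - old[path][0]
            how = f"size changed by {delta:+d} bytes" if delta else "same size, content differs"
            report.append((path, "modified: " + how))
    return report

def demo():  # constructed sample tree: baseline it, alter it, rescan, compare
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        def write(name, data, mode="wb"):
            with open(os.path.join(root, name), mode) as f:
                f.write(data)
        for name, data in {"App": b"A" * 100, "Notes": b"hello", "Old": b"x"}.items():
            write(name, data)
        # Keep the baseline outside the scanned tree so whatever alters the files cannot rewrite it.
        saved = os.path.join(store, "baseline.json")
        with open(saved, "w") as f:
            json.dump(snapshot(root), f)
        # "Come back a week later": four constructed changes.
        write("App", b"B" * 40, "ab")   # data appended to an existing file
        write("Notes", b"jello")        # same length, different bytes
        write("New", b"n")              # file that was not in the baseline
        os.remove(os.path.join(root, "Old"))
        with open(saved) as f:
            baseline = {p: tuple(v) for p, v in json.load(f).items()}
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A comparison like this flags every change, including legitimate updates, so each reported file still has to be reviewed.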
jspear@gryphon.COM (Jon Spear) (02/05/90)
In article <3467@accuvax.nwu.edu> jln@acns.nwu.edu (John Norstad) writes:
>In the announcement of Disinfectant 1.6 I mentioned that I'm working on
>version 2.0, and I thought you might be interested in some of the things
>I've been planning and working on. Version 2.0 will be a major new
>release.

[list of really nifty improvements to be coming]

>Don't hold your breath waiting for 2.0. I have a real job, and I mostly
>work on Disinfectant at home at night and on the weekends.

>Of course, with all this new stuff, I'll have to charge double - the
>program will still be free :-)

Disinfectant is great stuff, cheap. Your work to combat this problem is significant, and greatly appreciated. This future version of Disinfectant sounds very nice, and the re-usable user interface code should prove very handy for other applications. We salute you and the others who have worked so hard to keep the Macintosh world safe from unwanted vermin.

I must wonder, though, where this will all lead to. Are we doomed to a never-ending stream of new virii followed by a scramble to come up with and distribute new countermeasures?

The real solution to the virus problem has got to be either preventing the miscreants from spawning these nasties, or to make our systems less vulnerable to attack. We haven't got any way to stop people from creating viruses or worms, so we must reduce our vulnerability. John Norstad and others have worked admirably and effectively to address many aspects of the problem. But they can only do so much to patch up a system with many holes.

Why do we have so many holes? Wouldn't we expect the manufacturer to be doing something about the problem? But Apple offers only a half-fast virus detector (VirusRX) that most Mac users will never receive or even hear about. And even if you have it, it can only tell you you've been infected, not prevent it. The most effective defenses are those that can only be built into the computer and operating system. What, if anything, is Apple doing?

Oh well... I don't really want to pay for a multi-level secure system with a kernel proven to meet the Orange-book A1 criteria, nor would such a system be very friendly to use or manage. But a protected-mode operating system would eliminate many virus mechanisms. There are many other reasonable measures that could be taken to make the Mac more secure, but they require a commitment by Apple and software developers to make them happen.

{This started out as a pat on the back for John Norstad, but I guess it kind of devolved into hand-wringing. Oh well... I feel better already.}

-Jon
--
----- Jon L. Spear: DDN/ARPAnet: spearjl@afsc-sdx.af.mil Voice: (213)316-9371
USnail: PO Box 98, Redondo Beach CA 90277
[The following address evaporates any day. New address sought.]
jspear@gryphon.COM <routing site>!gryphon!jspear gryphon!jspear@elroy.jpl.nasa.gov
"With computers we can make billions of mistakes every second!"
erics@eleazar.dartmouth.edu (Eric Schlegel) (02/05/90)
In article <25539@gryphon.COM> jspear@gryphon.COM (Jon Spear) writes:
>A protected-mode operating system would eliminate many virus
>mechanisms. There are many other reasonable measures that could
>be taken to make the Mac more secure, but they require a commitment
>by Apple and software developers to make them happen.

Protected-mode OS: granted, and it's coming, but it'll still be a while. In the meantime, what else did you have in mind? Perhaps we can start a discussion on standard anti-viral measures in applications.

-eric

--
---------------------------------------------------------------------------
Eric Schlegel '90           | "Never underestimate the bandwidth of a
eric.schlegel@dartmouth.edu |  station wagon full of tapes."
jalden@eleazar.dartmouth.edu (Joshua M. Alden) (02/05/90)
In article <19126@dartvax.Dartmouth.EDU> erics@eleazar.dartmouth.edu (Eric Schlegel) writes:
>In the meantime, what else did you have in mind? Perhaps we can start
>a discussion on standard anti-viral measures in applications.

>---------------------------------------------------------------------------
>Eric Schlegel '90           | "Never underestimate the bandwidth of a
>eric.schlegel@dartmouth.edu |  station wagon full of tapes."

There is already such a discussion going on on comp.virus. PLEASE don't start it here; not only will it duplicate what has already been said, but it will increase bandwidth on a newsgroup which already has a very high number of messages per day.

Thank you.

-Josh.

--
/--------------------------------------------------+-------------------------\
|Josh Alden, Consultant, Kiewit Computation Center | HB 48, Dartmouth College|
|     Private mail: Joshua.Alden@dartmouth.edu     |    Hanover, NH 03755    |
|       Virus mail: Virus.Info@dartmouth.edu       |     (802) 295-9073      |
Q8N@psuvm.psu.edu (Scott D. Camp) (02/05/90)
>In article <3467@accuvax.nwu.edu> jln@acns.nwu.edu (John Norstad) writes:
>[bunch of stuff deleted]
>Don't hold your breath waiting for 2.0. I have a real job, and I mostly
>work on Disinfectant at home at night and on the weekends.
>
>Of course, with all this new stuff, I'll have to charge double - the
>program will still be free :-)
>

I have a lot of respect for the time and effort going into the Disinfectant product being produced by Norstad. As a graduate student struggling to produce a dissertation while working formerly as a consultant and now a faculty member (fixed term appointment as instructor), his work has saved me personally many hours of frustration in dealing with the problems created by virus programs. All of this for the great price of nothing!

However, I had assumed, obviously incorrectly, that his work was at least being subsidized by Northwestern University in terms of allowing him time to produce the product. If Northwestern is NOT providing some incentive for Norstad to work along these lines, may I humbly suggest that they do so. Northwestern is being rewarded for ITS affiliation with Norstad since so many Mac users obviously have great respect for the work being done by him.

If Northwestern IS providing some development/release time or something similar, then please ignore remarks in above paragraph.

>>In article <25539@gryphon.COM>, jspear@gryphon.COM (Jon Spear) says:
>>
>>Disinfectant is great stuff, cheap. Your work to combat this
>>problem is significant, and greatly appreciated. This future
>>version of Disinfectant sounds very nice, and the re-usable user
>>interface code should prove very handy for other applications.
>>We salute you and the others who have worked so hard to keep the
>>Macintosh world safe from unwanted vermin.
>> [bunch of stuff dealing with vulnerability of Apple's approach]

I do not have the technical background to begin to address Apple's strategy regarding building some types of virus protection into system software. So, I won't. However, I would like to add my voice to those raised on the net thanking Norstad and others for the work they have done. For those of you who may suggest this is a misuse of bandwidth, let me just say that it is better here than in Norstad's mailbox.

-------
Scott D. Camp
Dept. of Sociology
The Pennsylvania State University
305 Oswald Tower
University Park, PA 16802
814-863-0393
jln@acns.nwu.edu (John Norstad) (02/06/90)
In article <90035.214836Q8N@PSUVM.BITNET> Q8N@psuvm.psu.edu (Scott D. Camp) writes:
> If Northwestern is NOT providing some incentive for Norstad to work along
> these lines, may I humbly suggest that they do so. Northwestern is being
> rewarded for ITS affiliation with Norstad since so many Mac users obviously
> have great respect for the work being done by him.

I absolutely must waste just a tiny bit of bandwidth to correct this (it was my fault for not being clearer). Northwestern has in fact very generously let me do a great deal of my work on Disinfectant on company time. They even more generously let me give it away for free. I don't know of any companies that would let an employee do this, and very few universities. NU deserves lots of credit and thanks.

John Norstad
Northwestern University
jln@acns.nwu.edu
Q8N@psuvm.psu.edu (Scott D. Camp) (02/06/90)
In reply to my previous posting:

In article <3538@accuvax.nwu.edu>, jln@acns.nwu.edu (John Norstad) says:
>
>I absolutely must waste just a tiny bit of bandwidth to correct this (it
>was my fault for not being clearer). Northwestern has in fact very
>generously let me do a great deal of my work on Disinfectant on company
>time. They even more generously let me give it away for free. I don't
>know of any companies that would let an employee do this, and very few
>universities. NU deserves lots of credit and thanks.
>
>John Norstad
>Northwestern University
>jln@acns.nwu.edu

I stand corrected. My original assumption that Northwestern should be recognized for Disinfectant (along with John Norstad, of course) was the valid assumption after all. The reason I raised this issue at all was that I appreciate the efforts of J. Norstad and Northwestern University. If it helps to further justify continued efforts at NU, then buck this message to appropriate parties.

I do recognize the invaluable service John Norstad, with the cooperation of Northwestern University, is making to the Macintosh community of users. And I agree, not many universities would commit the staff and resources to supporting an effort such as this one. Let's hear it for NU!

Scott Camp
q8n@psuvm.edu
CRANER@YaleVM.YCC.Yale.Edu (Richard S. Crane) (02/06/90)
Tell us how we should let Northwestern know that your work and their cooperation are appreciated.
Justin_Randall_Padawer@cup.portal.com (02/06/90)
This fellow John Norstad deserves a little bandwidth, I'd say.

THANKS FROM ONE USER IN TENNESSEE. You saved our system.

-- Randy Padawer
Internet: Justin_Randall_Padawer@cup.portal.com
wiseman@tellab5.TELLABS.COM (Jeff Wiseman) (02/07/90)
In article <90036.153607Q8N@PSUVM.BITNET> Q8N@psuvm.psu.edu (Scott D. Camp) writes:

[stuff deleted]

>I do recognize the invaluable service John Norstad, with the cooperation of
>Northwestern University, is making to the Macintosh community of users. And
>I agree, not many universities would commit the staff and resources to
>supporting an effort such as this one. Let's hear it for NU!

W'raaaayyy!!

PS. I have resolved much grief on the part of several mac'ers (myself included) utilizing the benefits of this public service. Disinfectant is my number one attack on suspicious machines at the place I work!

--
Jeff Wiseman: ....uunet!tellab5!wiseman OR wiseman@TELLABS.COM
phil@vaxphw.enet.dec.com (Phil Hunt) (02/07/90)
In article <19126@dartvax.Dartmouth.EDU>, erics@eleazar.dartmouth.edu (Eric Schlegel) writes...
}In article <25539@gryphon.COM> jspear@gryphon.COM (Jon Spear) writes:
}>A protected-mode operating system would eliminate many virus
}>mechanisms. There are many other reasonable measures that could
}>be taken to make the Mac more secure, but they require a commitment
}>by Apple and software developers to make them happen.
}
}Protected-mode OS: granted, and it's coming, but it'll still be a while.
}In the meantime, what else did you have in mind? Perhaps we can start
}a discussion on standard anti-viral measures in applications.
}
}-eric
}
}--
}---------------------------------------------------------------------------
}Eric Schlegel '90           | "Never underestimate the bandwidth of a
}eric.schlegel@dartmouth.edu |  station wagon full of tapes."

==================================================================
Phil Hunt                        "Wherever you go, there you are!!!"
Digital Equipment Corporation
Phone: (508)486-2164
ENET: VAXPHW::PHIL
USENET: phil@vaxphw.enet.dec.com
MOREUSENET: phil%vaxphw.dec@decwrl.enet.dec.com
EVENMORE: ....!decwrl!dec-vaxphw!phil